What is a phishing attack and how can you protect yourself from it?

After reading this article, you will be able to better understand:
- What a phishing attack is and how it works
- The different types of phishing
- The motives behind phishing
- Implications for SMEs
- How to protect yourself from phishing
Phishing is like fishing
Phishing is one of the oldest and most documented cyberattacks. It takes its name from the English word "fishing," which means to fish, and has been translated into French as "hameçonnage," due to the hooks used to catch fish.
In phishing, the user is the fish, and the cybercriminal is the fisherman. The cybercriminal uses various means to trick the user into committing an act that will allow them to transmit valuable confidential information or download malware.
This method is extremely widespread in the professional world. Did you know that one in 323 emails received by a company is malicious? This is why it is essential for managers and employees of an SME to understand how phishing attacks work.
“One in 323 emails a business receives is malicious”
– Casey Crane, HashedOut

How does a phishing attack work?
This type of attack can take place in several ways and will usually begin with a message sent to the user. Traditionally, these were emails, but new phishing methods have adapted to the various communication technologies that have emerged. Phishing attacks are now carried out via email, SMS, direct messaging, and even telephone.
To carry out the attack, the hacker will assume the guise of an entity known to the user. The message sent by the cybercriminal will resemble (very much or very little—depending on their skills) an official communication from the entity in question. This could be a bank, a customer, a supplier, etc.
The user may then be encouraged to click on a link that will take them to a fraudulent webpage where they will be asked for their login information. Sometimes, the user will even be asked to share their information directly in response to the email. Other times, they will be encouraged to download an attachment that contains malware, such as a cryptovirus or a Trojan horse.
What are the challenges for small and medium-sized businesses?
Anything related to cybersecurity should be of concern to small and medium-sized businesses, as they are the most targeted by cybercriminals. According to TEISS, a British cybersecurity journal, fraudulent emails are the main concern for SME managers.
A survey by the same journal also found that while 64% of SME owners outsource technical support for their business, 10% of them have no technical resources at all to help them with IT.
These are certainly alarming figures when you consider that 60% of companies that are forced to shut down after a cyberattack will never resume operations.
“10% of companies have no technical resources to help them with IT”
– Jay Jay, TEISS
Types of phishing attacks
There are three main types of phishing attacks: spear phishing, whaling, and clone phishing. Here's a brief overview of each.
1. Spear phishing
Derived from the English term "spear fishing," spear phishing is a form of cyberattack that is specifically directed at a person or company. Unlike mass phishing, spear phishing aims to use privileged information to trap users.
2. Whaling
Whaling, named after whale hunting, targets managers and business leaders. In this situation, the content of the message will be tailored to trap an employee at the top of the organization's decision-making pyramid.
3. Clone phishing
Clone phishing, the last of the three forms, copies an official message sent in the past almost verbatim, with its links or attachments altered. These messages are often the most difficult to counter due to their genuine and professional appearance.
How to protect yourself from a phishing attack?
There are several ways you can protect your business from the many phishing attempts that threaten you and your employees.
In addition to the IT tools and solutions at your disposal that increase your protection, it's important to train your employees on how to recognize fraudulent messages. It's essential to implement good security practices internally. After all, the user is the first line of defense against cyberattacks.
IT tools and solutions to protect yourself
More and more artificial intelligence solutions are emerging to counter phishing attempts. With machine learning, these solutions can teach themselves to detect fraudulent messages and block them. Google's Gmail solution already has a basic version of this technology.
Recognizing a phishing attack attempt
There are several factors that will help your employees differentiate a legitimate message from a fraudulent one.
When it comes to phishing, the key is vigilance. Here's a list of details to look for in a message that seems suspicious.
- The sender is someone you know, but don't usually communicate with.
- The domain name is not the same as the one usually used.
- The message is alarming and asks you to take action immediately.
- The content of the message is poorly written and contains several spelling mistakes.
- The message contains an attachment that you are not used to seeing.
- The message contains several links that appear suspicious.
- The URL of the website a link opens is not the same as the address shown in the link.
- The links in the message take you to a website that is not secure. Always look for the abbreviation "HTTPS" in the top left corner of the page.
Nexxo can help protect you against phishing attacks
For the good of your business and to counter the risks associated with phishing attacks, the vigilance of all your staff is essential.
Wondering if you're ready to face the many cyber threats looming over your business? Don't hesitate to contact us today; we'll work with you to explore how we can contribute to your company's success by implementing reliable cybersecurity solutions. The initial meeting requires no financial investment on your part.